Cybersecurity: Malware Analysis

Unit Outline (Higher Education)


Effective Term: 2025/05
Institute / School: Institute of Innovation, Science & Sustainability
Unit Title: Cybersecurity: Malware Analysis
Unit ID: GPSIT7011
Credit Points: 15.00
Prerequisite(s): Nil
Co-requisite(s): Nil
Exclusion(s): Nil
ASCED: 020109
Other Change:  
Brief description of the Unit

This project aims to prepare aspiring cybersecurity professionals to undertake malware analysis and detection. Working within the environment of a cybersecurity department, teams will perform static and dynamic analysis of an identified malware sample and will gain an understanding of the process for reverse engineering malware. Experience of these processes will help learners gain skills in the most critical challenge faced by organisations in the fast-evolving digital era. Each team will produce reports on their work and make their colleagues aware of potential vulnerabilities.

Grade Scheme: Graded (HD, D, C, P, MF, F, XF)
Work Experience Indicator:
No work experience
Placement Component: No
Supplementary Assessment:
Where supplementary assessment is available, a student must have failed overall in the Unit but gained a final mark of 45 per cent or above, have completed all major assessment tasks (including all sub-components where a task has multiple parts) as specified in the Unit Description, and not be eligible for any other form of supplementary assessment.
Course Level:
Level of Unit in Course    AQF Level(s) of Course
                           5   6   7   8   9   10
Introductory
Intermediate
Advanced
Learning Outcomes:
Knowledge:

K1. Identify and describe reasons for system malfunctions in complex cybersecurity environments, referring to theoretical frameworks and academic literature.

K2. Analyse and assess the impacts of malware on systems and networks across various operational contexts.

K3. Demonstrate a comprehensive understanding of advanced strategies for analysing and mitigating the network behaviour of complex and unknown malware, including critical evaluation of cutting-edge tools and methodologies used to address advanced cybersecurity challenges.

K4. Explain methodologies and technologies that can detect and remediate malware attacks using baseline analysis environments.

Skills:

S1. Identify, classify, and characterise malware using hash values and other mechanisms.

S2. Apply reverse-engineering tools and techniques to dissect and analyse libraries and functions used by malware.

S3. Collaborate as part of a team to address a malware analysis and response project.

S4. Apply advanced techniques to simulate malware attacks, creating and testing robust network defence mechanisms that anticipate and counteract evolving threats.

Application of knowledge and skills:

A1. Apply static and dynamic analysis to detect, interpret, and evaluate malware behaviour, and recommend defence strategies based on industry frameworks and academic literature.

A2. Simulate and analyse intricate malware attack scenarios to evaluate and refine network defence mechanisms, incorporating advanced threat modelling and response strategies to improve system resilience.

A3. Develop and justify a comprehensive and strategic response plan, ensuring integration with broader cybersecurity policies, frameworks, and academic literature for effective malware threat management.

Unit Content:

Sprint 1 (2 Weeks)

Problem Scenario Analysis and Environment Setup

Objective: Gain an in-depth understanding of the complex problem scenario related to advanced malware analysis and set up the necessary tools and environments.

Activities:

Analyse and understand the detailed problem scenario presented.

Install and configure advanced tools/software required for both static and dynamic malware analysis.

Set up a comprehensive lab environment, ensuring all systems are secured and prepared for debugging and reverse engineering tasks.

Deliverables:

Project plan outlining key milestones, roles, responsibilities, and timelines.

Documentation of the lab environment setup and configuration, including security protocols.


Sprint 2 (2 Weeks)

Project Planning and Preliminary Analysis

Objective: Develop a detailed project plan and conduct preliminary static analysis to establish a baseline understanding of the malware.

Activities:

Finalise the project plan, including standard operating procedures (SOPs), reporting templates, and a risk management plan.

Perform preliminary static analysis of the malware to identify its characteristics and potential threats.

Document the initial findings, focusing on the malware’s structure, potential impact, and areas requiring further investigation.

Deliverables:

Comprehensive project plan and SOPs.

Preliminary analysis report highlighting key characteristics and risks associated with the malware.


Sprint 3 (2 Weeks)

Dynamic Analysis and System Impact Assessment

Objective: Conduct dynamic analysis to understand the real-time behaviour of the malware and assess its impact on the system.

Activities:

Perform dynamic analysis, observing how the malware interacts with system resources, processes, and network connections.

Evaluate the system impact, focusing on performance degradation, resource utilisation, and potential data exfiltration.

Document the findings, emphasising differences between static and dynamic analysis results.

Deliverables:

Detailed report on the malware's dynamic behaviour and its impact on the system.

Presentation on the findings, comparing static and dynamic analysis outcomes.


Sprint 4 (2 Weeks)

Network Behaviour Analysis and Simulation

Objective: Analyse the network behaviour of the malware and simulate potential attack scenarios in a controlled environment.

Activities:

Analyse network traffic generated by the malware to identify patterns, anomalies, and potential vulnerabilities.

Simulate the malware in a controlled lab environment to observe its behaviour in different network configurations.

Develop a set of recommendations for mitigating network-based attacks.

Deliverables:

Network analysis report, including identified vulnerabilities and mitigation strategies.

Simulation results with a focus on the malware’s behaviour under different network conditions.


Sprint 5 (2 Weeks)

Reverse Engineering and Vulnerability Identification

Objective: Reverse engineer the malware to identify hard-coded behaviours, vulnerabilities, and potential points of exploitation.

Activities:

Conduct reverse engineering to dissect the malware code and identify embedded functions, hard-coded keys, or vulnerabilities.

Compare the reverse-engineered code with known malware signatures to identify similarities or unique threats.

Document the reverse engineering process, highlighting key vulnerabilities and potential exploitation techniques.

Deliverables:

Reverse engineering report detailing the vulnerabilities discovered and potential exploits.

Presentation on the reverse engineering process, including tools used and challenges encountered.


Sprint 6 (2 Weeks)

Response Plan Development and Final Assessment

Objective: Develop and present a comprehensive response plan, incorporating all findings from previous sprints, to detect, protect, and mitigate the identified malware threat.

Activities:

Synthesise all findings from previous sprints into a cohesive response strategy.

Develop a detailed response plan, including detection mechanisms, mitigation strategies, and post-incident recovery steps.

Present the final response plan to stakeholders, simulating a real-world cybersecurity briefing.

Deliverables:

Comprehensive response plan document, ready for implementation in a real-world scenario.

Final presentation, including a Q&A session with simulated stakeholders.


Graduate Attributes:
Assessment Tasks:

1. Learning Outcomes Assessed: K1, K2, S1, A1
   Assessment Task: Students will critically evaluate a complex malware sample, documenting their findings regarding its compilation, encryption methods, and potential impact on enterprise systems.
   Assessment Type: Research and Analysis Report
   Weighting: 25-30%

2. Learning Outcomes Assessed: K3, S3, A2, A3
   Assessment Task: Teams will simulate a malware attack in a controlled environment and present their analysis of the malware's behaviour and potential countermeasures.
   Assessment Type: Practical Malware Simulation
   Weighting: 25-30%

3. Learning Outcomes Assessed: K4, S2, S4, A3
   Assessment Task: Develop and present a comprehensive reverse engineering and mitigation plan for a sophisticated malware attack scenario, demonstrating mastery of all unit knowledge and skills. This includes a detailed report and a presentation to industry professionals.
   Assessment Type: Project
   Weighting: 40-50%

Adopted Reference Style:
APA

Professional Standards / Competencies: